RHSA-2017:2841 - Security Advisory

Synopsis

Critical: dnsmasq security update

Type/Severity

Security Advisory: Critical

Topic

An update for dnsmasq is now available for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)